Solved: Add-on Microsoft Office 365: what is the most effi...

tomapatan · ‎01-18-2023

Recently we needed to update the Client Secret for one of our tenants and I wanted to ask what is the most efficient way of tracking what the token expiry date is and to create an alert in Splunk?

I had a look at the logs and couldn`t find anything to indicate when the access token is about to expire.

PaulPanther · ‎01-18-2023

1. Easiest but static & manual way could be filling token name and expiry date into a lookup table & set a scheduled search on top

2. Setup a scripted input and call the API endpoint to get the expiry date for the token, write the information in a index, save them into a lookup table & set a scheduled search on top

View solution in original post

PaulPanther · ‎01-18-2023

1. Easiest but static & manual way could be filling token name and expiry date into a lookup table & set a scheduled search on top

2. Setup a scripted input and call the API endpoint to get the expiry date for the token, write the information in a index, save them into a lookup table & set a scheduled search on top

Add-on Microsoft Office 365: what is the most efficient way of tracking what the token expiry date is?

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?